There are several tools, including public sources such as Whois and Nslookup, that can help you gather information about your target network (that is, your customer). Whois is usually the first stop in reconnaissance. You'll find information like the domain's registrant, its administrative and technical contacts, and a listing of their domain servers. Nslookup is a program used to query Internet domain name servers. It displays information that can be used to diagnose Domain Name System (DNS) infrastructure and find additional IP addresses. It can also use the MX record to reveal the IP of the mail server.
Another information source is ARIN (American Registry of Internet Numbers). ARIN allows you to search the Whois database to locate information on a network's autonomous system numbers (ASNs), network-related handles and other related point-of-contact info. ARIN's Whois function enables you to query the IP address to find information on the target's use of subnet addressing.
The common Traceroute utility is also very handy. Traceroute works by exploiting a feature of the Internet Protocol called Time to Live (TTL). It reveals the path IP packets travel between two systems by sending out consecutive UDP packets with ever-increasing TTLs. As each router processes an IP packet, it decrements the TTL. When the TTL reaches zero, the router sends a "TTL exceeded" ICMP message back to the originator. Therefore, routers with DNS entries reveal the name of
A utility called Visual Trace by McAfee displays the traceroute output visually in map view, node view or IP view.
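The TTL mechanism described above can be seen in the ICMP replies themselves. The following Python sketch is an added example, not code from the original article: it parses constructed "TTL exceeded" messages and rebuilds the hop list from the probe header each router quotes back. It assumes one UDP probe per TTL sent to destination port 33434 + TTL - 1 (the traditional Unix traceroute base port), uses documentation-range addresses, and goes one step beyond the text by also recognizing the "port unreachable" reply that marks the final destination.

```python
import socket
import struct

ICMP_TIME_EXCEEDED = 11  # sent by a router that decremented the TTL to zero
ICMP_DEST_UNREACH = 3    # code 3 (port unreachable) comes from the target itself
BASE_PORT = 33434        # assumption: first probe's UDP destination port

def ipv4_header(src, dst, proto, ttl, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0 in this sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def build_reply(responder, prober, target, dport, icmp_type, code):
    """Constructed ICMP error: outer IP + ICMP header + quoted probe IP/UDP headers."""
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    quoted = ipv4_header(prober, target, socket.IPPROTO_UDP, 1, len(udp)) + udp
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted
    return ipv4_header(responder, prober, socket.IPPROTO_ICMP, 64, len(icmp)) + icmp

def parse_reply(packet):
    """Return (responder_ip, kind, probe_dst_ip, probe_dst_port) or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != socket.IPPROTO_ICMP or len(packet) < ihl + 8 + 20 + 8:
        return None
    kind = {(ICMP_TIME_EXCEEDED, 0): "hop",
            (ICMP_DEST_UNREACH, 3): "destination"}.get((packet[ihl], packet[ihl + 1]))
    quoted = packet[ihl + 8:]          # the probe's own headers, echoed back
    q_ihl = (quoted[0] & 0x0F) * 4
    if kind is None or quoted[9] != socket.IPPROTO_UDP or len(quoted) < q_ihl + 8:
        return None
    dport = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0]
    return (socket.inet_ntoa(packet[12:16]), kind,
            socket.inet_ntoa(quoted[16:20]), dport)

def trace(replies):
    """Order replies by quoted destination port and map each to its TTL."""
    parsed = sorted((r for r in map(parse_reply, replies) if r), key=lambda r: r[3])
    return [(dport - BASE_PORT + 1, ip, kind) for ip, kind, _dst, dport in parsed]

SAMPLE = [  # constructed replies, deliberately out of order (RFC 5737 addresses)
    build_reply("203.0.113.9", "192.0.2.10", "203.0.113.9", 33436, ICMP_DEST_UNREACH, 3),
    build_reply("192.0.2.1", "192.0.2.10", "203.0.113.9", 33434, ICMP_TIME_EXCEEDED, 0),
    build_reply("198.51.100.1", "192.0.2.10", "203.0.113.9", 33435, ICMP_TIME_EXCEEDED, 0),
]

if __name__ == "__main__":
    for ttl, ip, kind in trace(SAMPLE):
        print(ttl, ip, kind)
```

The same quoted-header fields are what a network sensor can match on to recognize traceroute activity crossing a perimeter.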
Here are other useful Windows-based tools for information gathering:
- VisualRoute by VisualWare includes integrated traceroute, ping tests, reverse DNS and Whois lookups, and displays the actual route of connections and IP address locations on a global map.
- Like Whois, SmartWhois by TamoSoft obtains comprehensive info about the target: IP address, host name or domain, including country, state or province, city, name of the network provider, administrator and technical support contact information. But unlike Whois utilities, SmartWhois can find information about a computer located in any part of the world, intelligently querying the right database and delivering all the related records within a few seconds.
- Sam Spade, a freeware tool primarily used to track down spammers, can also be used to provide information about a target. It comes with a host of useful network tools including ping, nslookup, Whois, IP block Whois, dig, traceroute, finger, SMTP, VRFY, Web browser, keep-alive, DNS zone transfer, SMTP relay check and more.
About the author
Russell Dean Vines is a bestselling author, Chief Security Advisor for Gotham Technology Group, LLC, and former President of the RDV Group. His most recent book is The CISSP and CAP Prep Guide, published by John S. Wiley and Sons. He is available to answer your security threat questions via Ask the Expert.
This was first published in April 2007